Cisco Firewall :: ASA 5520 Cannot Block Incoming Traffic

Dec 12, 2012

I was configure 3 interface on ASA1st - managemetn (only for management)2nd - gig0/0 is connected to internet with real IP3rd - gig0/1 is connected to local networkI was configure routed NAT to internet.But I have problem with restriction incomming traffic to inside interface (ifname is inside)but I can connect to ip address of inside interface from other ip. It is wrong and i can't understand where is my mistake.

We have a Cisco ASA 5520 and im looking for a way to monitor largest outgoing and incoming traffic per ip in real time so to know which of my internal computers are using the most of our Internet Line. Is there a way to this through ADSM ? We use version 6.3.

I need to block incoming traffic with Dlink DIR 600. I know how to create the rule source (WAN) to destination (LAN) to deny all protocols. But what IP will I put in WAN? IP address of my Internet? Or how can I enter the ALL IP range in source...format for the IP (it's not 0.0.0.0).

I want to do this because in the DIR log section I'm being PING Flooded. I already un-check "Enable WAN Ping Response" but still receiving the message.

I need to block 4000 nodes (Ultrasurf, TOR exit nodes) and I've written a script that will ssh and copy in these objects (prob 100 at a time) into an object group and then put a blanket deny. I don't see a flood of traffic (occassional hits every other day, etc) but I was wondering what the impact would be? Can the ASA handle an object group of that size plus an ACL with it? Any way to block incoming connections from TOR/Ultrasurf?

I'm new to ASA's and PIX units. I've setup a few VPN's now but know next to nothing about logging on these units. I read the config guide for the PIX, but cannot figure out how to get a log of incoming SMTP traffic going on the console.Do I need to use a SYSLOG server? I can probably set one up on my laptop.

I am trying to switch out a cisco pix 501 firewall with a cisco ASA 5505 firewall. I am not very familiar with all of the commands for the firewalls and have always relied on a standard command line script that I use when building a new one. Unfortunately, my script is not working with the 5505. What I am doing wrong with the following script? I've masked public IP info with xxx.xxx.xxx and I run it right after restoring the firewall to the factory defaults. I am able to get out to the internet if I browse directly from one of the servers, but cannot access a web page when trying to browse to it from an outside network. [code]

Since the power failure two days ago, my -ASA stops forwarding traffic to internal servers, for no apparent reason. Packet trace shows all OK, packet capture buffer stays empty when I try to http into the mail server. The only way to get it working is to change the Outside Ip to the one used for mail, then to change it back. It will work OK for a few hours, then stop, with nothing obvious in the logs.

I am runninng a ASA5520 and ASDM 6.2, I have recenly noticed some MSN traffic on our network. Is there a ASDM policy that I can apply to kill all MSN and Yahoo traffic ? I am looking to block this chat traffic on our network.

I have the below policy-Map in my firewall,according to this policy map how can i block teamvirewer via asa 5520, i don't want the outside users to connect using teamviewer to their servers which is already ready up for teamviewer actions

I'm using ASA 5515X my concern is I was not able to block the traffic of P2P such as BitTorrent etc. I was also view some technotes on how to use webfilter without using Websense or Smartfilter tools and lucky I'm able to block certain websites. how to block the traffic of P2P?

How can I block Ultrasurf Application?I have configured Cisco ASA 5520 with Cisco CSC-SSM module. I have blocked everything Except Business and banking activities.But user can access A 2 Z traffic through Ultrasurf.exe application. which bypasses all possible firewalls.How can I blocked this application?

Is it possible to block internet traffic on the PC using ASA5501 firewall which is used in transperent mode.The DHCP pc is working fine we just need to pass through ASA to block the internet on the pc however intranet should be available.

Having some problems blocking users installing/using secure browsers proxy. Currently runing ASA 5520 ver. 8.3 & IPS SSM-20 7.0 (2) E4 & Websense web filtering. Able to block most proxy sites with Websense that use port 80 but recently found that some users using some products like Njutrino that use their own secure browser that use it's own proxy over SSL connection.

I have an ASA pair configured to replace a router that hosts a collection of IPSec Tunnels. Tunnels appear to work. I am lab'ing some additional controls that I would like to implement. On the Production Router that i plan to replace with the ASA's the current Tunnels are all wide open (all traffic allowed to pass). I was hoping to lock things down a little without having to reconfigure all of the Tunnels. My though was that an ACL on the Inside Interface blocking selected traffic Out (so into the LAN) should not impact the stability of the Tunnels but allow me to restrict some traffic from entering the LAN. One port that I was attempting to block is RDP 3389. When this ACL is applied to the inside interface it does not block Port 3389 at all. What am I missing? Is it that the trffic is being allowed because it is coming through one of my 'open' Tunnels?

Shouldn't IPSec Tunnel traffic be processed by the Inside Interface ACL just like all other traffic?

Our Local Network is behind the CISCO ASA Firewall.Whenever we are accessing to Client VPN server,it is getting connected but after few Minutes (May be 5/10/30 Min),the sessions are terminating. The same traffic through PIX is no issue , only with ASA Firewall. See the following Error and request you give the possible root cause for this.

We just migrated from a single 5510 to a dual (failover) 5520, It seems that everything is working except the remote VPN. We can establish a tunnel and authenticate as local users, (going to LDAP when all is working) but no traffic is passing. I know I am overlooking something but cant see it. [code]

Our ASA 5520 firewall is running 8.0(4) IOS.I have an internal L2L VPN terminating on my firewall (from an internal remote site) on ENG interface.With the default "sysopt connection permit-vpn" command enabled, VPN traffic is allowed to bypass the ENG interface acl.The security level on the ENG interface is set at 50.The security level on the destination interface PRODUCTION is set at 40.Inbound VPN traffic bypasses ENG interface acl and since higher-to-lower security level allows VPN traffic to flow freely from ENG to PRODUCTION, it seems the only place to check/filter VPN traffic is an ACL placed on the PRODCTTION interface and set at INBOUND (outbound VPN traffic).

I have a Cisco ASA 5520 (8.0) and I'm trying to figure out how to prioritize traffic to specific websites (by either domain names or IP addresses/ranges). This document [URL] has some great examples, but I'm not able to create a class-map that will match addresses. I'm not doing any other traffic manipulation on this ASA.

We can´t reach DMZ servers from other DMZ servers?If I make a ping from DMZ server to another, sometimes only recieve one ping, sometimes 4, sometimes 0.How can I allow the traffic between DMZ servers??

We have a 100 Mbps WAN circuit, we have configured an IPsec tunnel between ASA 5520 and Cisco 3845 Router for our DR site replication via Veeam Backup and Replication, it was working fine before, when we established the 3DES tunnel the traffic for certain subnets is dropped after an hour and it stops the replication, although tunnel remains up and we can access the other subnets, as soon as we clear the crypto SA and ISAKMP sessions on the firewall the traffic starts flowing again and then after an hour the traffic is dropped again.So far the testing and differnet configurations we tried are as under.

Tried with a different MTU size both on firewall and ESXi servers but nothing happened.Their is no QOS configuration.Checked the utilization on both ends its Noram although their are subsequent 100% spikes on Cisco 3845 but on average it remians at 30-40%.